← Back to Project List
Palantir Ontology 将企业数据、规则、动作和权限收束到一套可被人、应用和Agent共同使用的业务对象体系。本报告系统研究其技术架构(Object Type、Link Type、Action Type、Interface),分析其与知识图谱、数据中台的本质差异,并为 TAOS 企业级智能体管理平台提供实现借鉴。

1. Summary of Research Conclusions

First of all, the conclusion: the most worthy reference of Palantir Ontology is not that it makes enterprise data into a "knowledge map", but that it combines the data, rules, actions and permissions in the enterprise into a set of business object systems that can be used by people, applications and agents.

This point is very crucial. When many enterprises make AI platforms, their first reaction is to connect models, knowledge bases and packaging tools. However, when it comes to business execution, Agent is often faced with scattered interfaces, scattered documents, different caliber data tables and separate authority systems. Palantir idea is closer to "build a model of the business world of the enterprise first, and then let the AI act in that model".

I took it apart and saw that the core was about four layers:

  1. Business Object Modeling Layer: uses Object Type, Property Type, Link Type, Interface, and other abstractions to express the real business world.
  2. Data Mapping and Index Layer: Maps data in databases, data lakes, streaming data, files, and external systems to objects, attributes, and relationships, and builds multiple indexes for object queries, graph queries, searches, time series, and geography.
  3. Action and Logic Layer : Use Action Type, Function, Query, Workflow and other mechanisms to upgrade "Query Data" to "Trigger Business Action" and support approval, verification, write back, automation and human-machine collaboration.
  4. Governance and Security Layer: Permissions, data blood, auditing, object-level security, attribute-level security, and dynamic security policies are integrated into the entire process of object query, action execution, and Agent tool invocation.

The inspiration for TAOS is also more direct: enterprise-class Agent OS can't just stop at model access, Prompt management, MCP tool gateway and knowledge base Q & A. It requires a layer of Enterprise Operational Ontology (enterprise operation ontology layer), which allows the Agent to face managed business objects such as "customers, orders, products, stores, packages, work orders, contracts, equipment, policies, approvals", and then complete the business closed loop through controlled actions.

2. Data pool and document list

One point needs to be made here: strictly speaking, there are not many academic papers on Palantir Ontology, and public information is mainly scattered in official white papers, product documents, SDK, patents and a small number of conference papers. Therefore, this material is not a simple paper review, but put these public materials together, from the perspective of engineering implementation to push back the design ideas behind it. Descriptions in patent and product documents will be accompanied by vendor expressions, and the following technical inferences will try to indicate boundaries.

2.1 Official White Papers and Technical Documents

TypeInformationTechnical Value
Official Architecture DocumentThe Ontology systemClear Ontology is the core of the Foundry architecture, which consists of Language, Engine, and Toolchain and integrates Data, Logic, Action, and Security.
Official Concept DocumentOntology overviewExplain that the Ontology is a Operational Layer that contains semantic elements and dynamic/action elements.
Official concept documentOntology core conceptsDescribe the mapping relationship between Object Type, Property Type, Link Type, Action Type, data source, and model.
Official Object DocumentationObject types overviewExplain that an Object Type is a schema definition of a real entity or event.
Official Relationship DocumentationLink types overviewExplain that a Link Type is a Schema definition of a relationship between two object types.
Official property documentationProperties overviewExplain that Property is a schema definition of an object's characteristics.
Official action documentAction types overviewExplain that an Action Type is a set of business modifications to objects, attributes, and links.
Official action rules[Action rules]https://palantir.com/docs/foundry/action-types/rules/ that actions can create, modify, and delete objects and links.
Official Function DocumentationFunctions on ObjectsExplain that functions can read and modify objects and links.
Official Object Set APIAPI Object SetsThis section describes how to query objects such as object set filtering, search around, and aggregate computing.
official external functionExternal Functionsindicates that the external service can be called by Webhook, and the object can be written back by Ontology edit Function.
Official object backendObject backend overviewExplain that the Ontology backend is a microservice system, and object data is written by components such as Funnel.
Official OSDKOntology SDK overviewExplain that you can access the Ontology through SDKs such as TypeScript, Python, Java, and OpenAPI.
Official Permissions DocumentObject permissioning overviewExplain that fine-grained permissions can be configured for Ontology entities such as objects and links.
Official Security DocumentationManaging object securityDescribe object instance-level, attribute-level, and cell-level security policies.
Official AI ArchitectureAIP architectureExplain that AIP activates Data, Logic, Action, and Security through Ontology.
Official Automatic ModelingHyperAuto architectureExplain that source system metadata can be used to automatically generate data synchronization, transformation, and Ontology recommendations.
Official White PaperFoundry Technical Overview 2022Explain that Core Ontology contains semantic objects, relationships, Functions, Actions, and decision capture and writeback.
Official white paperEnabling Interoperability and Embracing Openness with FoundryExplain that Ontology definitions are stored in JSON and support open interfaces such as RDF, OWL, and REST API.
Official White PaperFoundry Streaming White PaperExplain how streaming data is Hydrate, Activate, and Wielded into Ontology.

2.2 Official Blog and AI Agent Information

TypeInformationTechnical Value
Official BlogConnecting AI to Decisions with the Palantir OntologyThe proposed decision consists of Data, Logic and Action, which Ontology capture the decision context and execute the closed loop.
Official BlogConnecting Agents to DecisionsExplain that when an Agent is connected to a decision, it needs unified data, logic, action, security, and decision blood.
Official BlogSecuring Agents in ProductionExplain working memory, episodic memory, semantic memory, procedural memory, security control, and tool governance in production-level Agent Runtime.
Official BlogBuilding with Palantir AIP: the OSDKExplain that OSDK allows developers to build applications based on business Ontology instead of directly operating the underlying system.
Industry AIExplain that Ontology can be used as an enhanced UNS in industrial scenarios, connecting data, logic and actions.

2.3 Patents and Engineering Implementation Clues

TypeInformationTechnical Value
PatentUS8489623B2:Creating data in a data store using a dynamic ontologyExplain the use of object type, attribute type, Parser, Mapping, and Validator to convert input data into dynamic ontology data.
PatentUS9330157B2:Cross-ontology multi-master replicationExplain that different organizations/systems can Ontology Map for object, attribute, link type mapping and multi-master replication.
PatentsUS20250077899A1:Systems and methods for knowledge graphsDescribes the knowledge graph construction ideas of Source Graph, Domain Graph, Mapping Profile, and Compiler.
patentUS20240354325A1:Efficient data indexing across multiple ontology-based databasesshows that Ontology objects can be mapped to multiple types of backends such as graph databases and relational databases at the same time, and access control and blood ties are maintained.
PatentUS12405983B1:Interacting with ontology-based databases using machine learningExplains how ML/natural language queries are converted into graph queries, SQL queries, and combines object-level security and kinship.
SDKpalantir/foundry-platform-Python Ontology APINote The Ontology metadata includes Objects, Links, Actions, Queries, and Interfaces.
SDKpalantir/osdk-tsDescription TypeScript OSDK supports applications to access Ontology in a type-safe manner.
SDK@ osdk/maker READMENote You can use code to define shared properties, Value Type, Interface, Object, Link, Action, and Derived Property.

2.4 Academic and Research Materials

TypeInformationTechnical Value
Conference PaperA Brief Analysis of Palantir Gotham: A Collaborative and Interactive Big Data Visualization Analysis Software Based on Dynamic OntologyAnalysis Palantir Gotham's dynamic ontology, structured data mapping, big data integration, business mapping and collaborative analysis architecture.
Research PaperThe Seer and the Seen: A Survey of Topics Found in Palantir PatentsThematic analysis of Palantir patents, covering topics such as ontology, semantic data structure, data integration, management analysis and prediction.

3. What is Palantir Ontology?

3.1 one sentence definition

In one sentence, I would understand Palantir Ontology as the "executable object layer" of the enterprise business world ". It does not only describe "what entities are there and what relationships are there between entities", but further describes "who can see these objects, what actions can be performed, how actions are verified, where they are written back after execution, and how the whole process is audited".

3.2 it's not just a knowledge map

Traditional knowledge graph focuses on "entity, relationship and semantic query", and mainly answers "what is and what is the relationship". The focus of the Palantir Ontology is more on the operating system, and the answer is "based on these business objects, what can we do, who can do it, where to write and how to audit".

Comparison ItemsTraditional Knowledge Graph/Semantic LayerPalantir Ontology
Key ObjectivesUnify semantics, support query and analysisSupport business operations, closed-loop decision making, and action execution
Data AbstractionEntity, Relationship, AttributeObject Type, Property, Link Type, Action Type, Function, Policy
Operation ModeMost of them are read-only.Integrated read-write, action execution, approval, write-back, and external call are supported.
Security governanceData table/graph-level permissionsObject-level, attribute-level, action-level, function-level, dynamic policy, and kinship audit
AI AdaptationUsually used as RAG or semantic query baseUsed as business tool layer, memory layer, decision context and action boundary of Agent
APISPARQL, Graph API, SQL, Search APIOSDK, REST/OpenAPI, Object Set API, Function, Action, Low-Code Application

3.3 it's not just a data center

The data center typically focuses on data collection, modeling, metrics, reports, labeling, and services. Ontology go one step further: translate data assets into objects that business people, applications, and agents can understand, and bind these objects to actions. For example:

-The data center cares about "order table, customer table, product table, indicator table".

-Ontology care about the customer object, order object, product object, which organization the customer belongs to, the current risk of the order, what actions can be initiated, whether the actions need approval, and which system to write back to after execution ".

So I prefer to think of Ontology as an "operational object model" between the data middle desk and the business application ". For Agent OS, this layer is especially important because it determines whether the agent is "reading data and adjusting interfaces" or working in a governed business world.

4. Core abstract model

4.1 Object Type: Business Object Type

An Object Type is a schema definition of a real-world entity, event, or business concept. Typical objects include:

-Communications industry: customers, numbers, packages, bills, tariffs, base stations, work orders, complaints, marketing activities.

-Food and beverage industry: brands, stores, dishes, orders, members, inventory, suppliers, employees, shifts, activities.

-Manufacturing industry: equipment, production lines, work orders, materials, batches, quality events, maintenance plans.

-Government and enterprise scenarios: enterprises, projects, contracts, personnel, assets, approval documents, risk events.

Object Type should not simply copy database tables, but should express stable business concepts that business users and agents can understand.

4.2 Property: Object Properties

Property are the fields and characteristics of an object, for example:

-Customer object: customer number, customer level, attribution area, ARPU, churn risk, time of last complaint.

-Store object: store code, brand, city, business status, daily turnover, customer complaint rate, inventory risk.

-Work Order Object: Work Order Type, Priority, Current Status, Handlers, SLA Remaining Time.

In terms of technical implementation, Property need to support:

-Base type: String, Number, Boolean, Date, Datetime, Enum.

-Complex types: JSON, Array, Geo, Media, Attachment.

-Analysis type: Time Series, Metric, Embedding, Score, or Feature.

-Governance attributes: source system, update time, blood ID, trust level, desensitization level.

4.3 Link Type: Object Relationship Type

A Link Type describes a business relationship between two object types, for example:

-Customers "order" packages.

-The store "belongs" to the brand.

-The job is "associated" with the customer.

-The device is "at" the site.

-Dishes "consume" raw materials.

Relationships need to express direction, cardinality, navigability, and security policies. Much of the agent's reasoning power comes not from the big model itself, but from these explicit business relationships. For example, "find out the reason why a store's bad reviews have increased in the last 7 days" requires searching along the relationship between stores, orders, reviews, dishes, shifts, employees, inventory, etc.

4.4 Interface and Shared Property Type: Shared Semantics

Interface can be understood as a set of properties and behaviors that are reused across objects. For example:

-Approvable objects: approval status, applicant, approver and approval time.

-Locatable objects: longitude, latitude, administrative division.

-Traceable object: creation time, update time, source system, blood ID.

-Risk assessable objects: risk level, risk reason, scoring model version.

This type of design prevents each object from repeatedly defining similar fields, and also allows the Agent to use unified logic to process different objects. For example, all objects that implement Approved Object can access the same set of Approval Actions.

4.5 Action Type: Business Action Type

Action Type is a key capability that distinguishes Palantir Ontology from the general knowledge graph. Action is not a normal button, but a business operation subject to schema, rules, permissions, approval, and audit constraints.

Typical Actions include:

-Create a job.

-Modify customer packages.

-Adjust the store inventory alert threshold.

-Launch a marketing campaign.

-Approve price changes.

-Mark the device as faulty.

-Trigger external system writeback.

An Action Type usually needs to be defined:

-Input parameters: which fields are required for the action.

-Action object: which Object Type or Link Type the action acts on.

-Validation rules: under which conditions submission is allowed.

-Permission policy: who can execute and whether the Agent can execute.

-Approval rule: whether manual confirmation is required.

-Execution logic: rule-based updates, function calls, workflow calls, external API calls.

-Writeback policy: Writeback Ontology, local object library, source system, or message queue.

-Audit information: who triggered the action when and for what context.

4.6 Function / Query: Business Logic Encapsulation

Function and Query are used to encapsulate reusable business logic:

-Query is read-only and is used for object filtering, graph traversal, aggregation, metric calculation, and complex queries.

-Function encapsulates computation, model inference, external service invocation, and object editing.

-Function-backed Action can host complex action logic for code execution.

-The External Function can be connected to the internal interface, model service, ERP, CRM and work order system through the Webhook.

For TAOS, this part can be combined with MCP, enterprise internal API gateway and workflow engine. MCP tools should not be just "bare interfaces", but should be mounted to concrete objects and actions.

4.7 Security Policy: Object-Level Security and Action-Level Security

Ontology security is not only controlled on the page menu, but throughout:

-Whether the object type is visible.

-Whether the object instance is visible.

-Whether the property is visible.

-Whether the relationship is traversable.

-Whether the Action is executable.

-Whether the Function is callable.

-Whether the Agent can execute on behalf of the user.

-Whether the output content can be written to memory or log.

This is critical for enterprise-class agents. Agent cannot bypass the existing permission system of the enterprise just because it can call tools. It is more reasonable for the Agent to inherit the user identity, position role, data domain, security level, and scenario authorization, and evaluate the policy for each object query and action execution.

5. Ontology technical implementation ideas

Overall 5.1 Architecture

Ontology Technology Architecture

If you only look at the product introduction, it is easy to understand the Ontology as an "advanced data catalog" or "business map". However, from the combination of public documents, SDK and patent information, it is more like a metadata-driven runtime system. In the picture above, I split it into three pieces:

  1. Ontology Language: defines the language of the business world, including objects, attributes, relationships, actions, functions, and security policies.
  2. Ontology Engine: Execute this set of languages, including object queries, graph traversal, indexing, action execution, transactions, writeback, and subscriptions.
  3. Ontology Toolchain: Provides a toolchain for modeling, publishing, SDK generation, application building, permission governance, and audit operations.

The most notable one here is the Engine. Without Engine,Ontology is just a beautiful metamodel; with Engine, it can compile object definitions into queries, indexes, permission judgments, and action executions.

5.2 Data Entry Ontology:Hydrate

Hydrate can be understood as the process of "pouring existing enterprise data into the world of business objects. This process is not just ETL, the real trouble is to translate technical fields into business semantics.

Data Entry Ontology:Hydrate Process

I think there are a few points here that are easily underestimated:

-Identify the primary key, foreign key, enumeration, time field, state field, and permission field of the source system first.

-Redesign the business object instead of mechanically copying the table structure.

-Describe "how source fields are mapped to object attributes and source table relationships are mapped to Link" with Mapping Profile ".

-Use Parser and Validator for data type conversion, quality verification, standardization and exception logging.

-Record the source, update time, kinship and trust level for each object, attribute, relationship.

5.3 From Object to Action: Activate

Activate solves another problem: how to make the object really participate in business actions after it is built. A read-only object model can only support analysis and become an operational object layer after query, Function, action, and policy are bound.

From object to action: Activate mechanism

For example, in the communications industry:

-Customer object binding "Query Customer Profile" Query.

-The "Adapt to package recommendation" Function is bound to the package object.

-The customer-package relationship binds the "change package" action.

-Strict access policies for high-value customers and sensitive tariff attributes.

-Agents can only access and manipulate business objects through these controlled queries, Function, and actions.

5.4 action execution link

Action execution link

This link is also the key boundary that I think TAOS needs to absorb: Agent should not directly adjust the database or bare API, but perform business actions through the governed Action. Only in this way can the authority, approval, audit, failure compensation and business responsibility be put into the same link.

5.5 Object Storage and Multiple Backend Indexes

A clear signal from public patents and official information is that the Ontology back-end is probably not a single database, but a multi-back-end object index system. It is more reasonable to give different query loads to different stores:

-Relational databases are suitable for storing normalized object properties, versions, transactions, and metadata.

-The graph database is suitable for relational traversal, Search Around, path query and network analysis.

-Search engine suitable for full-text search, fuzzy matching, multi-condition filtering.

-Time series databases are suitable for IoT, metrics, performance curves, and historical trends.

-Vector database is suitable for document semantics, object similarity, case recommendation and Agent memory retrieval.

-Object storage is suitable for attachments, pictures, contracts, audio and video, model files.

Therefore, the technical key is not to choose a "universal database", but to use Ontology Metadata as a unified schema, compile the same business object into different back-end indexes, and select the appropriate execution plan by Engine during query.

5.6 Metadata Driver and SDK Generation

Another engineering value of Ontology is metadata-driven. Once objects, properties, relationships, actions, functions, interfaces, and policies are registered as metadata, they can be further generated:

-API documentation.

-TypeScript/Python / Java SDK.

-MCP tool description.

-Low code form.

-Permission configuration interface.

-Action parameter validator.

-Agent Tool Schema.

-Audit and Bloodline templates.

In other words, once the business model is precipitated, it is not just a modeling document for people to see, but a "business operating system API" that people, applications, and agents can call ".

6. Relationship between Ontology and Agent OS

In order for Agent OS to truly enter the enterprise production environment, I think three questions must be answered first:

  1. What the Agent looks at: Can you see the correct, up-to-date, and permission-controlled business context.
  2. What Agent can do: Can it affect real business systems through controlled actions.
  3. How Agent is responsible for : whether it can record the reason, context, executor, approver, input and output and result.

The value of Ontology is here: it puts these three problems into the same framework.

Agent OSCapabilities Provided by OntologyTAOS Design Implications
What does the agent look at?Object, Property, Link, QueryThe agent obtains the context through the business object instead of directly reading tables or documents.
What the Agent can doAction, Function, Workflow, WritebackAgents invoke tools and write back to the system through controlled actions.
How the Agent is responsible forPolicy, Audit, Lineage, ScenarioEach query and action is traceable, approvable, and replayed.
How does the Agent memorizeObject-based Session, tasks, Decision, and memoriesThe memory is incorporated into the Ontology instead of being scattered in the vector library.
How to reuse Agent capabilitiesOSDK, MCP Gateway, Tool SchemaUnify object capabilities, action capabilities, Prompt, and Skill into assets.

7. TAOS can learn from the enterprise operation ontology design

7.1 Core Objects in TAOS

For TAOS, you can first objectification the assets that are most likely to get out of control and most worthy of precipitation in the operation of the enterprise Agent:

Object TypeDescription
BusinessObjectReal business objects of the enterprise, such as customers, stores, commodities, work orders, contracts, and equipment.
KnowledgeAssetKnowledge assets, such as documents, systems, FAQs, metrics, process specifications, and product manuals.
PromptAssetPrompt assets, such as Architecture Prompt, Security Prompt, Domain Prompt, and Review Prompt.
SkillAssetSkill assets, such as query skills, review skills, planning skills, and tool invocation skills.
MCPToolMCP tool after enterprise internal interface encapsulation.
AgentAgent instances, including roles, targets, models, tools, permissions, and running policies.
SessionSession object for session ID isolation, context summary, task status, and permissions boundaries.
MemoryMemory objects, including working memory, episodic memory, semantic memory, and procedural memory.
ActionYou can perform actions, such as querying customers, creating work orders, initiating approval, calling interfaces, and updating knowledge.
PolicyPermissions and governance policies, such as RBAC, ABAC, data classification, approval rules, and output constraints.
DecisionDecision records, including inputs, inference processes, cited knowledge, actions, results, and feedback.

7.2 TAOS Ontology Metamodel Recommendations

TAOS Ontology metamodel recommendations

7.3 TAOS Technology Module Split

ModuleResponsibilitiesSuggest Technology
Ontology Metadata ServiceManage objects, attributes, relationships, actions, functions, and policy metadataPostgreSQL JSONB, Schema Registry, and OpenAPI
Object StoreStores object instances, properties, versions, and sourcesPostgreSQL, MySQL, and Lakehouse tables
Graph/Link StoreStores object relationships and graph traversal indexesNeo4j, JanusGraph, ArangoDB, NebulaGraph
Search IndexSupports object search, full-text search, and complex filteringOpenSearch, Elasticsearch
Vector IndexSupport knowledge, memory, case, object similarity retrievalMilvus, Qdrant, pgvector
Time Series StoreSupports metrics, IoT, behavior series, and trend analysisTimescaleDB, Druid, and ClickHouse
Mapping and Sync ServiceSource system-to-object model mapping, synchronization, CDC, and quality verificationKafka/Pulsar, Debezium, Airflow, and Flink
Action RuntimeExecute object actions, approvals, writebacks, compensation, and workflowsTemporal, Camunda, Flowable, Spring Boot
Function RuntimeExecution rules, models, external functions, plug-in logicJava/Python Sandbox, Serverless, K8s Job
Policy EngineObject-level, attribute-level, action-level, and agent-level permissionsOPA, Casbin, Keycloak, IAM/SSO
MCP GatewayExposes enterprise interfaces, object queries, actions as MCP toolsMCP Server, OpenAPI Adapter, Tool Registry
OSDK GeneratorAutomatically generate the business object SDK and Tool SchemaOpenAPI Generator, TypeScript, Python, and Java SDKs
Audit & LineageRecord query, action, decision, model, Prompt, tool call bloodOpenTelemetry, Kafka, log lake, audit library
Ontology StudioVisual modeling, mapping, publishing, version comparison, and governanceFront-end modeler, Draw.io/Graph UI, low-code forms

8. Combination of MCP, Prompt, Skill and Ontology in TAOS

8.1 MCP is not an interface market, but an execution channel for Action

After the internal interface of the enterprise is packaged into MCP, I do not recommend directly exposing it to Agent. A safer way is to bind to the Ontology Action first.

For example:

-Bare MCP tool: 'changeCustomerPlan(customerId, planId)'.

-Ontology Action: 'Customer. Change Package '.

-Action Governance: Check whether the customer exists, whether the package is available for sale, whether the user has permission, whether approval is required, whether change reasons need to be recorded, and whether to write back to CRM/BOSS.

The benefits of this are more practical:

-Agent sees business actions, not technical interfaces.

-Unified closing of parameter verification, permission, approval and audit.

-The same action can replace the underlying implementation without affecting the Agent and the application.

-Actions can be reused by people, agents, workflows, low-code applications.

8.2 Prompt Asset should be a Ontology asset

If the Prompt Library is only a Prompt text warehouse, its value will be relatively limited. What can really settle down should be the Prompt Asset System.

PromptAsset recommendations for inclusion in Ontology management:

-Prompt types: Architecture Prompt, Security Prompt, Domain Prompt, Review Prompt, and Operation Prompt.

-Applicable objects: Bind to Object Type, Action Type, Agent Role, and business scenario.

-Version governance: draft, review, release, discard, rollback.

-Quality indicators: hit rate, satisfaction, error rate, tool call success rate, manual correction rate.

-Security policy: whether it can be used for sensitive data, whether to allow outgoing, whether to allow automatic execution of actions.

-Optimization of closed loop: Combined with SkillOpt / PromptOpt ideas, continuous optimization based on evaluation sets and real running logs.

The core of the Prompt Governance is not "who writes Prompt fast", but who can turn Prompt into an enterprise-level asset that can be governed, evaluated, reused, audited, and continuously optimized.

8.3 Skill management should also be object-based

Skill is the reusable capability unit of Agent, which can include:

-Domain analysis skills.

-Tool calling skills.

-Review skills.

-Summary skills.

-Planning skills.

-Report generation skills.

-Code generation skills.

-Safety inspection skills.

SkillAsset need to record:

-Input/output Schema.

-Callable tools.

-Dependent on Prompt.

-Reliance on knowledge assets.

-Applicable Agent.

-Permission boundaries.

-Evaluation results.

-Version and release status.

In this way, Skill can precipitate and reuse like SDK, component library and rule library.

8.4 Memory Should Also Enter Ontology Governance

The memory of an enterprise agent cannot be just fragments of a vector library. My suggestion is to split the memory into four categories and then include object management:

Memory TypeDescriptionTAOS Implementation Recommendations
Working MemoryThe temporary context of the current taskBind the Session, set the TTL, and archive the summary after the session ends.
Episodic MemoryThe process record of a task, session, or decisionis saved as a Decision, task, or Session object, and can be audited and replayed.
Semantic MemoryStable knowledge, facts, rules, and business dimensionsEnter KnowledgeAsset or BusinessObject attributes.
Procedural MemoryWork Methods, Processes, Operational StrategiesEnter SkillAsset, PromptAsset, and Workflow.

Session ID isolation can be embodied on Session objects:

-Each session creates a separate Session ID.

-Session the user, organization, agent, task, and permission context.

-Working Memory, tool call, temporary file, context summary are bound to Session ID.

-Information that is multiplexed across Session must be summarized, desensitized, validated and assetized.

-In high-risk scenarios, only the audit summary is retained after the Session, not the complete context.

9. TAOS Landing Route Recommendations

9.1 Phase 1: Read-Only Business Object Layer

In the first stage, don't rush to do complex actions, let the Agent and application "understand the enterprise" first ".

Key work:

-Select 2 to 3 core business domains, such as customer, product, work order or store, order, member.

-Create Object Type, Property Type, Link Type.

-Access to core data sources to complete Mapping Profile.

-Establish object query API, graph traversal API, search API.

-Access basic permissions and audits.

-Let the Agent answer business questions through object queries.

Deliverable:

-Business object model.

-Data mapping table.

-Object Query Service.

-Object graph visualization.

-Agent Read-only Q & A Demo.

9.2 Phase II: Controlled Action and MCP Writeback

In the second stage, the Agent is pushed from "question and answer assistant" to "executable assistant", but the action should start from the low-risk scene.

Key work:

-Select low-risk actions, such as create work orders, generate reports, initiate approvals, query inventory, send notifications.

-Encapsulate the internal interface as an MCP tool.

-Bind the MCP tool to the Ontology Action.

-Added Action parameter verification, permission, approval, and audit.

-Support action execution results written back to the object layer and source system.

Deliverable:

-Action Registry.

-MCP Gateway.

-Action Runtime.

-Approval and audit links.

-The Agent performs the action Demo.

9.3 Phase III: Prompt / Skill / Memory Asset

The focus of the third phase is to transform Agent capabilities from personal experience to corporate assets.

Key work:

-Create PromptAsset, SkillAsset, Memory, Decision, etc.

-Establish Prompt version management, review and release, evaluation and optimization process.

-Establish Skill registration, dependency management, evaluation, and grayscale release mechanisms.

-Establish Session isolation, contextual summaries, and memory governance.

-Establish a closed loop from the running log to the optimized data set.

Deliverable:

-Prompt Asset System.

-Skill Registry.

-Agent Memory Service.

-PromptOpt/SkillOpt evaluation optimization closed loop.

9.4 Phase IV: Decision Closed Loop and Industry Scenario Replication

The fourth stage is suitable to talk about industry replication. When the first three steps do not run through, the industry template is often just a concept package.

Key work:

-Package industry objects, actions, Prompt, Skill, Workflow as industry templates.

-Establish scenario simulation, scheme comparison and selection, manual approval and execution feedback closed loop.

-Access to BI, low-code applications, mobile and business workbenches.

-Establish multi-tenant, multi-organization, multi-data domain isolation.

-Establish asset markets and reuse mechanisms.

Deliverable:

-Industry Ontology template.

-Agent Scene Pack.

-Decision closed loop workbench.

-Enterprise-level asset markets.

10. Key Design Principles

  1. First business object, then technical interface

Do not let the Agent face tables, interfaces, document fragments. First abstract stable business objects such as customers, orders, stores, products, work orders, etc.

  1. The object model is not equal to the database table model.

Object Type should serve the business understanding and action closed loop, and cannot simply copy the source system table structure.

  1. Action is a first class citizen

The value of enterprise-class agents is not just to answer questions, but to complete actions safely, controllably, and auditable.

  1. Permissions must sink to objects, attributes, relationships, actions, and memories

You cannot do only menu permissions or interface permissions. What the Agent accesses, remembers, outputs, and executes is controlled by policy.

  1. The Ontology is an operational projection and does not necessarily replace the source system

The source system can still be a fact source, Ontology responsible for unifying object views, operational abstractions, writeback coordination, and audit closed loops.

  1. Prompt and Skill to be governed like code assets

Version, review, release, evaluation, rollback, dependency, permission, and usage statistics are required.

  1. Memory needs governance, not just storage

The memory of an enterprise Agent is bound with Session, users, permissions, tasks, sources, and life cycles.

  1. From the narrow scene to do deep, do industry template

Don't start to build a whole enterprise big and all Ontology. Priority is given to high-frequency, high-value, clear boundary business closed loop.

11. Suggestions for specific enhancements to the TAOS scheme

It is recommended to add a new core chapter in the TAOS upgrade plan: Enterprise Operational Ontology: Enterprise Operation Ontology Layer.

This chapter can be used as the central ability of TAOS, and the relationship with the original ability is as follows:

TAOS Original CapabilitiesOntology Enhancement Methods
Agent RuntimeThe Agent runtime obtains the context, calls the action, and records the Decision through the Ontology.
MCP gatewayThe MCP tool binds Ontology actions to form a business action layer.
Prompt LibraryPromptAsset bind objects, actions, scenarios, and profiling metrics.
Skill ManagementBind Prompts, tools, objects, and permission policies SkillAsset.
Knowledge GovernanceKnowledgeAsset and BusinessObject are mapped to form unified governance of knowledge data actions.
Memory systemMemory, Session, Decision objectification, support for summarization, isolation, lifecycle, and auditing.
Security GovernancePolicy Engine sinks into objects, attributes, relationships, actions, tools, and memories.
Evaluation optimizationRun logs, decision results, and manual feedback enter the Evaluation Dataset to drive PromptOpt/SkillOpt.

It is recommended that the technical positioning of TAOS be further upgraded from an "enterprise-class intelligent body management platform":

TAOS is an Agent Operating System for enterprise production environment. with the enterprise operation ontology as the core, it unifies data, knowledge, Prompt, Skill, MCP tools, business actions, security policies and Agent Runtime to help enterprises upgrade AI from question-and-answer capability to controllable, auditable and reusable business execution capability.

12. Presales oriented

In the pre-sales scene, the following passage can be used to explain why TAOS needs Ontology:

The biggest difficulty for an enterprise to become an Agent is not how many models are connected or how many tools are encapsulated, but whether the Agent truly understands the business world of the enterprise. Through the enterprise operation ontology, TAOS models customers, products, orders, stores, work orders, contracts, knowledge, Prompt, Skill, tools, and actions in a unified way, allowing agents to obtain context, call capabilities, execute actions, and accept permissions, security, and audit constraints in the same business language. In this way, AI can change from "being able to answer" to "being able to handle affairs, doing it accurately, doing it stably, and doing it traceable".

If the customer is already working on a knowledge base, tool platform, or agent platform, you can also use the following comparison table to communicate the differences:

Agent platform without OntologyTAOS with Ontology
The agent directly reads documents and tunes interfaces, so the semantics are unstable.The agent understands the enterprise through business objects.
Many tools, but missing business boundariesTools are encapsulated as governed Action
Prompt is maintained by personal experiencePrompt becomes a reviewable, evaluable and reusable asset
Memories are scattered in vector libraries and logs.Memories are bound to Session, tasks, permissions, and life cycles.
Permissions are mainly controlled by interfaces or pages.Permissions sink to objects, properties, actions, and outputs.
It's hard to explain why agents do this.Every decision has objects, knowledge, prompts, tools, and actions.
Scene replication depends on manual rebuildIndustry objects, actions, Prompt, Skill can be reused in templates

13. Risks and Constraints

13.1 over-modeling risk

The most easy place for Ontology to go is to make a huge and heavy enterprise model project. It is recommended to start from the scene and only build the objects, relationships, and actions that are really needed by the current business closed loop.

13.2 Data Quality Risk

If the source system master data is confused, field meanings are inconsistent, and permission tags are missing, Ontology will only expose the problem more clearly. Supporting data quality, master data, consanguinity and responsible person mechanisms are needed.

13.3 Writeback Consistency Risk

When an agent performs an action, it may affect both the Ontology object library and multiple source systems. The source of facts, transaction boundaries, compensation mechanisms, failure retries, and manual support need to be clarified.

13.4 Security Complexity Risk

Object-level, attribute-level, action-level, and Agent-level permissions significantly increase governance complexity. It is recommended to establish clear data fields, roles, security levels, and approval rules in the early stage, and gradually refine them.

13.5 Agent Illusion and Misoperation Risk

Ontology can constrain the agent's input, context, and action boundaries, but it cannot completely eliminate the model illusion. High-risk actions must be added with manual confirmation, rule checksum and rollback.

14. Minimum feasible architecture proposal

If TAOS wants to be a landing MVP, I suggest starting with the following minimum closed loop:

TAOS Ontology MVP Minimum Closed Loop

MVP does not need to do a complete knowledge map and full object library at the beginning. It is more important to verify a few basic questions:

-Whether the Agent can stably understand the business through the object model.

-Whether the MCP tool can be safely executed via Action.

-Whether Prompt, Skill and Memory can be managed as assets.

-Whether permissions and audits can cover a complete decision link.

-Whether business people can continuously expand the scene based on objects and actions.

15. Recommend follow-up work

  1. Upgrade the knowledge governance in the TAOS solution to" enterprise operation ontology governance "

Governance not only document knowledge, but also business objects, relationships, metrics, actions, Prompt, Skill, and memory.

  1. Complements the TAOS Ontology Studio Design

Includes object modeling, relational modeling, data mapping, action configuration, permission configuration, version release, and impact analysis.

  1. Complementary TAOS MCP Action Gateway Design

Clarify how MCP tools are registered, how objects are bound, how permissions are included, approvals, and audits.

  1. Supplemental TAOS Prompt / Skill / Memory Asset Model

The Prompt Library, Skill management, context summary, session isolation and memory management to the Ontology Asset system.

  1. Choose an industry model to do PoC

For communication customers, you can choose "customer-product-tariff-work order-marketing" closed loop. For catering customers, you can choose "brand-store-order-member-inventory-evaluation" closed loop.